ai/gitea-mcp
1
0
Fork 0
mirror of https://gitea.com/gitea/gitea-mcp.git synced 2025-08-23 14:23:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

build: refactor Dockerfile for security, performance, and flexibility (#50)

Browse Source 
- Switch build base image to Alpine and set platform dynamically
- Use distroless nonroot image for final stage to enhance security
- Add build arguments for VERSION, TARGETOS, and TARGETARCH with defaults
- Cache Go module and build dependencies to improve build performance
- Remove manual installation of ca-certificates and user creation (handled by base image)
- Set nonroot user for running the application
- Add healthcheck for the built binary
- Add OCI-compliant author and version labels

Signed-off-by: appleboy <appleboy.tw@gmail.com>

Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/50
Co-authored-by: appleboy <appleboy.tw@gmail.com>
Co-committed-by: appleboy <appleboy.tw@gmail.com>
This commit is contained in:
appleboy
2025-05-30 04:58:24 +00:00
committed by Bo-Yi Wu (吳柏毅)
parent da49bdeb96
commit e94dd26b30
1 changed files with 20 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
Dockerfile
View File

@@ -1,39 +1,38 @@
# syntax=docker/dockerfile:1.4
# Build stage # Build stage
FROM golang:1.24-bullseye AS builder FROM --platform=$BUILDPLATFORM golang:1.24-alpine AS builder
ARG VERSION ARG VERSION=dev
ARG TARGETOS
ARG TARGETARCH
# Set the working directory
WORKDIR /app WORKDIR /app
# Copy go.mod and go.sum files
COPY go.mod go.sum ./ COPY go.mod go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
# Download dependencies
RUN go mod download
# Copy the source code
COPY . . COPY . .
RUN --mount=type=cache,target=/go/pkg/mod \
RUN CGO_ENABLED=0 go build -ldflags="-s -w -X main.Version=${VERSION}" -o gitea-mcp --mount=type=cache,target=/root/.cache/go-build \
CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} \
go build -trimpath -ldflags="-s -w -X main.Version=${VERSION}" -o gitea-mcp
# Final stage # Final stage
FROM debian:bullseye-slim FROM gcr.io/distroless/static-debian11:nonroot
ENV GITEA_MODE=stdio ENV GITEA_MODE=stdio
WORKDIR /app WORKDIR /app
COPY --from=builder --chown=nonroot:nonroot /app/gitea-mcp .
# Install ca-certificates for HTTPS requests USER nonroot:nonroot
RUN apt-get update && \
apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
# Create a non-root user HEALTHCHECK --interval=30s --timeout=3s \
RUN useradd -r -u 1000 -m gitea-mcp CMD ["/app/gitea-mcp", "healthcheck"]
COPY --from=builder --chown=1000:1000 /app/gitea-mcp . LABEL org.opencontainers.image.authors="your-team@example.com"
LABEL org.opencontainers.image.version="${VERSION}"
# Use the non-root user CMD ["/app/gitea-mcp"]
USER gitea-mcp
CMD ["/app/gitea-mcp"]